Plateforme de Hacking

HackBBS.org est une communauté faisant évoluer un système de services vulnérables.

Nous apprenons à exploiter de manière collaborative des solutions permettant de détourner les systèmes d'informations.
Cet apprentissage nous permet d'améliorer les technologies que nous utilisons et/ou de mieux comprendre l'ingénierie social.

Nous défendons les valeurs de l'entraide, du challenge personnel et contribuons modestement à rendre l'expérience des utilisateurs finaux la plus agréable possible.

Vous pouvez nous rencontrer via notre salon irc.
Le forum est en cours de remplacement par une version plus moderne, et tout aussi faillible que l'ancien ^^.
A ce jours nous enregistrons plusieurs dizaines de hack réussi contre notre site, et ce chiffre est en constante évolution. Merci a tous les contributeurs!

La refonte est en version alpha. Cette nouvelle plateforme permet de pentester à distance sans avoir son matériel à disposition.
Via l'exécution de scripts python connecté en websocket à l'ihm web, nous pouvons piloter le chargement de scénario
d'attaque/défense en "multijoueur" ^^.
Le système permet de charger des scripts de bibliothèques partagées et de chiffrer les échanges selon les modules déployés.
Vous trouverez dans la rubrique article de nombreux tutoriels afin de mieux comprendre la sécurité informatique,
ainsi que différents articles plus poussés.
Hacker
  • Sniffing
  • Cracking
  • Buffer overflow
  • Créations d'exploits
  • Social engineering
  • L'anonymat sur le web, spoofing
  • Bypass-proxy, Bypass-firewall
  • Injection de code SSI, SQL, etc...
  • Utilisation d'exploits, création de scripts(php, irc, perl)
Nous vous recommandons de sniffer votre réseau lors de votre navigation sur le site. La refonte vous fournira un outillage pour réaliser vos attaques/défenses.
Flux RSS

flux RSS d'HackBBS Abonnez-vous. Soyez prévenu des tournois, challenges, actualités, ...
Recevez nos dernières actualités sur notre flux RSS.



Challenges
Vous pourrez également participer à de nombreux challenges en constant renouvellement (si possible :p)
Dernièrement, les missions relativent aux derniers produits open sources marchent bien :)

Votre ultime challenge sera de défacer HackBBS. De nombreuses failles sont présentes. A vous de les trouver et de les exploiter.

Cet ultime test permettra de constater votre réactions face à une faille.
Black ou White? ^^

Ezine du moment: p43-13.txt
                              ==Phrack Magazine==



                 Volume Four, Issue Forty-Three, File 13 of 27



                              [My Bust Continued]





IX.  Consultations



Dale and I began to consider options in our battle against this senseless

investigation.  We spent many nights pondering the issue, and arrived at a

number of conclusions.



Since we had already talked to the police, and were rapidly realizing

what a vast error that had been, we wondered how it was possible

to sidestep, avoid or derail the investigation.  We hoped that Ron

Gere and others would not be held accountable for my actions, a wish

that was to be denied.



A great deal of resentment existed toward me in those whose

lives were affected, and I would be either an idiot or a liar to deny

that my actions affected many people, in many places, some of whom I

had never even met in person.  However, I was unable to do anything

for many of these people, so I concentrated largely on my own survival

and that of those near me.



Dale and I decided, eventually, that the only person who could claim

any real damage was Dhamir Mannai, and we arranged an

appointment with him to discuss what had happened.



We met in his book-lined office in the Electrical Engineering Office,

and shook hands before beginning a discussion.  I explained what

I had done, and why I had done it, and apologized for any damages that

had occurred.  Dale, similarly, excused my actions, and while he had

nothing to do with them, noted that he was under investigation as well.



We offered to help repair the /etc/groups file which I had damaged,

but due to the circumstances, it is understandable that he politely

declined our offer.



Dhamir was surprisingly sympathetic, though justifiably angered.  However,

after about a half hour of discussion, he warmed from suspicion to

friendliness, and after two hours of discussion he offered to testify

for us against the police, noting that he had been forced on two previous

occasions to testify against police.  He held a very dim

view of the investigation, and noted that "The police have bungled the case

very badly."  Dhamir, in fact, was so annoyed by the investigation that he

called Wayne that night to object to it.  He made it clear that he

intended to oppose the police.



The next night, as Dale and I were entering the Music Building, a police

cruiser came to a sudden stop in the parking lot and Wayne walked up to

us with a perturbed expression.



Without pausing for greetings, he informed us that he was now

considering filing additional charges against us for "Tampering with

Witnesses," without identifying the witness.  In his eyes, the legality

of restraining our actions and speech based on hypothetical and unfiled

charges was not relevant; and he was angry that a primary witness had

been rendered useless to him.



Finally, we talked more informally.  Genuinely curious about his

motivations, we asked him about the investigation and what turns

could be expected in the future.  Realizing that the investigation

had entered a quiescent stage and we would not likely meet again

until court, we talked with him.



Dale said "So let me get this straight.  They saddled the older,

more experienced cop with the recruit?"



Wayne didn't answer, but nodded glumly.



"What's this like for you?" I asked.



"Well, I have to admit, in my twenty-three years on the force,

this case is the biggest hassle I've ever had."



"I can see why," said Dale.



"I almost wish you had been in charge of this case, instead of that

goof Jeff," I said.



"Yes, he's too jumpy," said Dale.  "Like an Irish Setter with a gun."



"Well, if I'd been in charge of this case," Wayne said, "it would have

been down the pike a long time ago."



After more discussion of this sort, Wayne's walkie-talkie burst into

cop chatter.



"We have three men, throwing another man, into a dumpster, behind

Willard," the voice said.



"I guess this means you have to leave, Wayne," said Dale.



Wayne looked embarrassed.  We exchanged farewells.



Another very helpful person was Professor Richard Devon,

of the Science, Technology and Science department of Penn State.  We

read an article he wrote on the computer underground which, while

hardly condoning malicious hacking, certainly objected to the prevailing

witch-hunt mentality.  We contacted him to discuss the case.



He offered to provide testimony in our behalf, and informed us

of the prevailing attitudes of computer security professionals at

Penn State and elsewhere.  He corroborated our belief that the

vendetta against us was largely due to the fact that we had embarrassed

Penn State, and that the intensity of the investigation was also largely

due to fallout from the Morris Worm incident.



The fact that he was on the board of directors for the Engineering Computer

Lab increased the value of his testimony.  We were expecting damaging

testimony from Bryan Jensen of ECL.



He was friendly and personable, and we talked for several hours.



While there was nothing he could do until the time came to give testimony,

it was very gratifying to find two friends and allies in what we had

thought was a hostile camp.



Our feeling of isolation and paranoia began to dwindle, and we began to

feel more confident about the possible outcome of the investigation.





X.  Going Upstairs



With a new-found confidence, we decided to see if it were possible to

end this investigation entirely before charges were filed and it

became a criminal prosecution.



Dale called the Director of Police Services with the slim hope that

he had no knowledge of this investigation and might intervene to stop

it.  No dice.



Dale and I composed a letter to the district attorney objecting to

the investigation, also in the hopes of avoiding the prosecution of

the case.  I include the letter:





    Dear Mr. Gricar:



    We are writing to you because of our concerns regarding an investigation

    being conducted by the Pennsylvania State University Department of

    University Safety with respect to violations of Pa.C.S.A. tilde 3933

    (Unlawful Use of Computer) alleged to us.  We have enclosed a copy of

    this statute for your convenience.



    Despite recommendations from NASA security officials and concerned members

    of the professional and academic computing community that we file suit

    against the Pennsylvania State Universities, we have tried earnestly to

    accommodate this investigation.



    We have cooperated fully with Police Services Officers Wayne Weaver

    and Jeffrey Jones at every opportunity in this unnecessary eight-week

    investigation.   However, rather than arranging for direct communication

    between the complaining parties and us to make it possible to make clear

    the nature of our activities, the University Police have chosen to siphon

    information to these parties in an easily-misinterpreted and secondhand

    manner.  This has served only to obscure the truth of the matter and create

    confusion, misunderstanding and inconvenience to all involved.



    The keen disappointment of the University Police in finding that we have

    not been involved in espionage, electronic funds transfer or computer

    terrorism appears to have finally manifested itself in an effort to

    indict us for practices customary and routine among faculty and students

    alike. While we have come to realize that activities such as using a

    personal account with the permission of the authorized user may constitute

    a violation of an obscure and little-known University policy, we find it

    irregular and unusual that such activities might even be considered a

    criminal offense.



    The minimal and inferential evidence which either will

    or has already been brought before you is part of a preposterous attempt to

    shoehorn our alleged actions into the jurisdiction of a law which lacks

    relevance to a situation of this nature.



    We have found this whole affair to be capricious and arbitrary, and despite

    our reasonable requests to demonstrate and display our activities in the

    presence of computer-literate parties and with an actual computer, they

    have, for whatever reasons, denied direct lines of communication which

    could have enabled an expeditious resolution to this problem.



    This investigation has proceeded in a slipshod manner, rife with inordinate

    delays and intimidation well beyond that justified by an honest desire to

    discern the truth.  While certain evidence may appear to warrant scrutiny,

    this evidence is easily clarified; and should the District Attorney's

    office desire, we would be pleased to provide a full and complete

    accounting of all our activities at your convenience and under oath.



    In view of the judicial system being already overtaxed by an excess of

    important and pressing criminal cases, we would like to apologize for

    this matter even having encroached on your time.



                                      Sincerely yours,







                                      Dale Garrison

                                      Robert W. F. Clark





This letter had about as much effect as might be imagined, that is to

say, none whatever.



My advice from this experience is that it is very likely that you will

be able to find advice in what you might think to be a hostile quarter.

To talk to the complaining party and apologize for any damage you might

have caused is an excellent idea, and has a possibility of getting the

charges reduced or perhaps dropped entirely.



Simply because the police list a person as a complaining party does not

necessarily mean that the person necessarily approves of, or even has

knowledge of, the police proceedings.  In all likelihood, the complaining

parties have never met you, and have no knowledge of what your

motivations were in doing what you did.  With no knowledge of your motives,

they are likely to attribute your actions to malice.



If there are no demonstrable damages, and the person is sympathetic, you

may find an ally in the enemy camp.  Even if you have damaged a machine,

you are in a unique position to help repair it, and prevent further

intrusion into their system.



Regardless of the end result, it can't hurt to get some idea of what

the complaining parties think.  If you soften outright hostility and

outrage even to a grudging tolerance, you have improved the chance

of a positive outcome.



While the police may object to this in very strong terms, and make dire

and ambiguous threats, without a restraining order of some kind there

is very little they can do unless you have bribed or otherwise

offered a consideration for testimony.



Talking to the police, on the other hand, is a very bad idea, and

will result in disaster.  Regardless of any threats and intimidation they

use, there is absolutely nothing they can do to you if you do not

talk to them.  Any deal they offer you is bogus, a flat-out lie.  They

do not have the authority to offer you a deal.  These two facts can not

be stressed enough.  This may seem common knowledge, the sort even an

idiot would know.  I knew it myself.



However, from inexperience and arrogance I thought myself immune

to the rules.  I assumed that talking to them could damage nothing,

since I had done nothing wrong but make a mistake.  Certainly

this was just a misunderstanding, and I could easily clear it up.



The police will encourage you to believe this, and before you realize it

you will have told them everything they want to know.



Simply, if you are not under arrest, walk away.  If you are

under arrest, request an attorney.



Realize that I, a confirmed paranoid, knowing and having heard this

warning from other people, still fell into the trap of believing myself

able to talk my way out of prosecution.  Don't do the same thing

yourself, either from fear or arrogance.



Don't tell them anything.  They'll find out more than enough without

your help.





XI.  Interlude



Finally, after what had seemed nearly two weeks of furious activity,

constant harassment and disasters, the investigation entered a more

or less quiescent state.  It was to remain in this state for several

months.



This is not to say that the harassment ceased, or that matters improved.

The investigation seemed to exist in a state of suspended animation, from

our viewpoint.  Matters ceased getting worse exponentially.

Now, they merely got worse arithmetically.



My parents ejected me from home for the second time due to my

grades.  They did not know about the police investigation.  I

was in no hurry to tell them about it.  I could have went to live

with my father, but instead I returned to State College by bus, with no

money, no prospects and no place to live.  I blamed the police

investigation for my grades, which was not entirely correct.  I

doubt, however, that I would have failed as spectacularly as I had

if the police had not entered my life.



Over the Christmas break, when the campus was mostly vacant, Dale

noticed a new set of booted footprints in the new-fallen snow every

night, by the window to the Electronic Music Lab, and by that window

only.



A few times, I heard static and odd clicks on the telephone at

the Lab, but whether this was poor telephone service or some

clumsy attempt at a wiretap I can not say with assurance.



I discovered that my food card was still valid, so

I had a source of free food for a while.  I had switched to a

nocturnal sleep cycle, so I slept during the day in the Student Union

Building, rose for a shower in the Athletics Building at about midnight,

and hung out in the Electronic Music Lab at night.  Being homeless is not as

difficult as might be imagined, especially in a university environment,

as long as one does not look homeless.  Even if one does look scruffy,

this will raise few eyebrows on a campus.



Around this time, I switched my main interest from computer hacking to

reading and writing poetry, being perhaps the thousandth neophyte poet

to use Baudelaire as a model.  I suppose that I was striving to create

perfection from imperfect materials, also my motivation for hacking.



Eventually, Dale offered to let me split the rent with him on a room.

The police had 'suggested' that WPSX-TV3 fire him from his job as an

audio technician.  Regardless of the legality of this skullduggery,

WPSX-TV3, a public television station, reprehensibly fired him.

This is another aspect of the law-enforcement mentality which bears

close examination.



While claiming a high moral ground, as protectors of the community,

they will rationalize a vendetta as somehow protecting some vague and

undefined 'public good.'  With the zeal of vigilantes, they

will eschew the notion of due process for their convenience.  Considering

the law beneath them, and impatient at the rare refusal of judges and

juries to be a rubber-stamp for police privilege, they will take

punishment into their own hands, and use any means necessary to destroy

the lives of those who get in their way.



According to the Random House Dictionary of the English Language

(Unabridged Edition):



    Police state:  a nation in which the police, especially a

    secret police, suppresses any act by an individual or group

    that conflicts with governmental policy or principle.



Since undisclosed members of CERT, an organization directly

funded by Air Force Intelligence, are authorized to make anonymous

accusations of malfeasance without disclosing their identity, they

can be called nothing but secret police.



The spooks at the CIA and NSA also hold this unusual privilege, even if

one does not consider their 'special' operations.  What can these

organizations be called if not secret police?



It can not be denied, even by those myopic enough to believe that such

organizations are necessary, that these organizations comprise a vast

and secret government which is not elected and not subject to legal

restraint.  Only in the most egregious cases of wrongdoing are these

organizations even censured; and even in these cases, it is only the

flunkies that receive even a token punishment; the principals, almost

without exception, are exonerated and even honored.  Those few

who are too disgraced to continue work even as politicians ascend to

the rank of elder statesmen, and write their memoirs free from

molestation.



When your job, your property and your reputation can be destroyed

or stolen without recompense and with impunity, what can our

nation be called but a police state?  When the police are even free

to beat you senseless without provocation, on videotape, and still

elude justice, what can this nation be called but a police state?



Such were my thoughts during the months when the investigation

seemed dormant, as my anger began, gradually, to overcome

my fear.  This is the time that I considered trashing

the Penn State data network, the Internet, anything I could.

Punishment, to me, has always seemed merely a goad to future

vengeance.  However, I saw the uselessness of taking revenge on

innocent parties for the police's actions.



I contacted the ACLU, who showed a remarkable lack of interest in

the case.  As charges had not been filed, there was little they

could do.  They told me, however, to contact them in the event

that a trial date was set.



"If you cannot afford an attorney, one will be provided for you."

This is, perhaps, the biggest lie in the litany of lies

known as the Miranda rights.  It is the court which prosecutes

you that decides whether you can afford an attorney, and the same

court selects that attorney.



Without the formal filing of charges, you can not receive the assistance

of a public defender.  This is what I was told by the public defender's

office.  Merely being investigated apparently does not entail the right

to counsel, regardless of the level of harassment involved in the

investigation.



We remained in intermittent contact with the police, and called

every week or so to ask what was happening.  We learned nothing new.

The only information of any importance I did learn was at a

party.  Between hand-rolled cigarettes of a sort never sold by

the R. J. Reynolds' Tobacco Company, I discussed my case.



This might not be the sort of thing one would normally do at a party,

but if you are busted you will find that the investigation takes a

central role in your life.  When you are not talking about it, you

are thinking about it.  When you are not thinking about it, you are

trying the best you can not to think about it.  It is a cherished belief

of mine that anyone who survives a police investigation ought to receive

at least an Associate's degree in Criminal Law; you will learn more about

the law than you ever wished to know.



The person on my right, when I said that Jeffery Jones was in charge

of the case, immediately started.  "He was in my high school class,"

said the man, who sported a handlebar mustache.



"What?  Really?  What's he like?  Is he as much of an asshole in person?"

I asked.



"He was kind of a weird kid."



"How?  What's he done?  Have you kept in touch?"



"Well, all I really know about him is that he went out to be a cop in

Austin, but he couldn't take it, had a breakdown or something, and came

back here."



"I can see that.  He's a fucking psycho."



I gloated over this tidbit of information, and decided that I would

use it the next time I met the police.



This was to be several weeks.  Though we had given the police our work

schedules, phone numbers at home, work and play; and informed them when

they might be likely to locate us at any particular place, we had apparently

underestimated the nearly limitless incompetence of Penn State's elite

computer cops.



As he was walking to work one day, Dale saw Jeffery Jones driving

very slowly and craning his neck in all directions, apparently looking

for someone.  However, he failed to note the presence of Dale, the only

person on the street.  Dale wondered whether Jeffery had been looking for

him.



The next night at the Lab, the telephone rang.  With a series of typical,

frenzied accusations Jeffery Jones initiated the conversation.  He believed

that we had been attempting to escape or evade him in some manner.  Wayne

was on another line, and Dale and I talked from different phones.



"You've been trying to avoid us, haven't you?" Jeffery shouted.



"Where have you been?" asked Wayne.



"We told you where we'd be.  You said you'd be in touch,"  I said.



"We haven't been able to find you," said Wayne.



"Look, you have our goddamn work schedule, our address, our phone

numbers, and where we usually are.  What the hell else do you need?"

asked Dale.



"We went to your address.  The guy we talked to didn't know where

you were,"  said Wayne.



As we discovered later that night, the police had been at our apartment,

and had knocked on the wrong door, that of our downstairs neighbor,

a mental patient who had been kicked out of the hospital after Reagan's

generous revision of the mental health code.  His main activity was

shouting and threatening to kill people who weren't there, so the

consternation of the police was not surprising.



"So we weren't there.  You could have called," said Dale.



"I just hope you don't decide to leave the area.  We're going to

arrest you in a couple of days," said Wayne.



"You've been saying that for the last three months," I said.

"What's taking so long?"



"The secretary's sick," said Jeffery.



"You ought to get this secretary to a doctor.  She must be

really goddamn sick, if she can't type up an arrest warrant

in three months," said Dale.



"Hell, I'll come down and type up the damn thing myself, if

it's too tough for the people you have down there," I offered.



"No, that won't be necessary," said Wayne.



"Look, when you want to arrest us, just give us a call and we'll

come down.  Don't pull some dumb cop routine like kicking in the

door," said Dale.



"Okay," Wayne said.  "Your cooperation will be noted."



"By the way, Jeff, I heard you couldn't hack it in Austin," I said.



Silence followed.



After an awkward silence, Wayne said:  "We'll be in touch."



We said our goodbyes, except for Jeffery, and hung up the phones.



I somewhat regretted the last remark, but was still happy with its

reception.  It is probably unwise to play Scare-the-Cops, but by

then I no longer gave a damn.  He was probably dead certain that I

had found this information, and other tidbits of information I had

casually mentioned, in some sort of computer database.  His mind

was too limited to consider the possibility that I had met an old

high-school chum of his and pumped him for information.



By this time, our fear of the police had diminished, and both of

us were sick to death of the whole business.  We just hoped that

whatever was to happen would happen more quickly.



When the police first started threatening to arrest us within days,

it would send a tremor down my spine.  However, after three months of

obfuscation, excuses, continued harassment of this nature, my only

response to this threat was anger and boredom.



At least, upon arrest, we would enter a domain where there were some

rules of conduct and some certainty.  The Kafkaesque uncertainty and

arbitrarily redefined rules inherent in a police investigation were

intolerable.



After another month of delay, the police called us again,

and we agreed to come in to be arrested at nine o'clock the

next morning.



It was possible that the police would jail us, but it seemed unlikely.

Two prominent faculty members had strongly condemned the behavior of

the police.  The case was also politically-charged, and jailing us

would likely have resulted in howls of outrage, and perhaps even in

a civil or criminal suit against Penn State.



Wayne told us that we would have to go to the District Magistrate

for a preliminary hearing.  Dale said that we would go, but demanded a ride

there and back.  The police complied.



We were more relieved than worried.  Finally, something was happening.





XII.  The Arrest



On a cold and sunny morning we walked into the police station to be

arrested.  I was curious as to the fingerprinting procedure.  The cops

were to make three copies of my fingerprints, one for the local police,

one for the state police, and one for the FBI.



Jeffery was unable to fingerprint me on the first two attempts.

When he finally succeeded in fingerprinting me, he had to do it again.

He had incorrectly filled out the form.  Finally, with help

from Wayne, he was able to fingerprint me.



Dale was more difficult.  Jeffery objected to the softness of Dale's

fingers, and said that would make it difficult.  The fact that Dale's

fingers were soft, as he is a pianist more accustomed to smooth

ivory than plastic, would seem to exonerate him from any charge of

computer hacking.  However, such a thought never troubled the idyllic

vacancy of Jeffery's mind.  He was too busy bungling through

the process of fingerprinting.  Wayne had to help him again.



There was soap and water for washing the ink from our

fingers.  However, it left the faintest trace of ink on the pads

of my fingers, and I looked at the marks with awe, realizing that

I had been, in a way, permanently stigmatized.



However, as poorly as the soap had cleaned my fingers, I thought

with grim amusement that Jeffery would have much more difficulty

cleaning the ink from his clothes.



Jeffery did not take the mug shots.  A photographer took them.

Therefore, it went smoothly.



Finally, Wayne presented me with an arrest warrant affidavit, evidently

written by Jeffery Jones.  A paragon of incompetence, incapable of

performing the simplest task without assistance, Jeff had written an

eighteen-page arrest warrant affidavit which was a marvel of incoherence

and inaccuracy.  This document, with a list of corrections and emendations,

will appear in a separate article.



While reading the first five pages of this astounding document, I attempted

to maintain an air of solemnity.  However, by the sixth page, I was stifling

giggles.  By the seventh, I was chuckling out loud.  By the eighth page I

was laughing.  By the ninth page I was laughing loudly, and I finished the

rest of the document in gales of mirth.  Everyone in the room stared at me

as if I were insane.  This didn't bother me.  Most of my statements to the

police resulted in this sort of blank stare.  Even Dale looked as if

he thought I had cracked, but he understood when he saw his arrest

warrant affidavit, nearly identical to mine.



I simply was unable to take seriously that I had spent months worrying

about what kind of a case they had, when their best effort was this

farrago of absurdities.



They took us to Clifford Yorks, the District Magistrate, in separate

cars.  This time, we rode in the front seat, and two young recruits

were our chauffeurs.  Dale asked his driver if he could turn on the

siren.  The cop was not amused.



The only thing which struck me about Clifford Yorks was

that he had a remarkably large head.  It appeared as if it

had been inflated like a beach ball.



The magistrate briefly examined the arrest warrant affidavits,

nodded his vast head, and released us on our own recognizance,

in lieu of ten thousand dollars bail.  He seemed somewhat preoccupied.

We signed the papers and left.  The police offered to give

us a ride right to our house, but we said we'd settle for being

dropped off in town.



Being over a month in arrears for rent, we did not like the idea

of our landlord seeing us arrive in separate police cars; also,

our address was rather notorious, and other residents would be

greatly suspicious if they saw us with cops.



An arraignment was scheduled for a date months in the future.

The waiting game was to resume.





XIII.  Legal Counsel



Having been arrested, we were at last eligible for legal counsel.

We went to the yellow pages and started dialing.  We started with

the attorneys with colored half-page ads.  Even from those advertising

"Reasonable Rates," we received figures I will not quote for fear

of violating obscenity statutes.



Going to the quarter-page ads, then the red-lettered names, then the

schmucks with nothing but names, we received the same sort of numbers.

Finally talking to the _pro bono_ attorneys, we found that we were

entitled to a reduction in rates of almost fifty per cent.



This generosity brought the best price down to around three thousand

dollars, which was three thousand dollars more than we could afford.



So we contacted the public defender's office.



Friends told me that a five thousand dollar attorney is worse, even,

than a public defender; and that it takes at least twenty thousand

to retain an attorney with capable of winning anything but the most

open-and-shut criminal case.



After a certain amount of bureaucratic runaround, we were assigned two

attorneys.  One, Deborah Lux, was the Assistant Chief Public Defender;

the other, Dale's attorney, was Bradley Lunsford, a sharp, young

attorney who seemed too good to be true.



We discussed the case with our new attorneys, and were told that the

best action we could take to defend ourselves was to do nothing.



This is true.  Anything we had attempted in our own defense, with

the exception of contacting the complaining party, had been harmful

to our case.  Any discussions we had with the police were taped and

examined for anything incriminating.  A letter to the district

attorney was ignored entirely.



Do absolutely nothing without legal counsel.  Most legal counsel will

advise you to do nothing.  Legal counsel has more leverage than you do,

and can make binding deals with the police.  You can't.



We discussed possible defenses.



As none of the systems into which I had intruded had any sort of warning

against unauthorized access, this was considered a plausible defense.



The almost exclusive use of 'guest' accounts was also beneficial.



A more technical issue is the Best Evidence rule.  We wondered whether

a court would allow hardcopy as evidence, when the original document was

electronic.  As it happens, hardcopy is often admissible due to

loopholes in this rule, even though hardcopy is highly susceptible to

falsification by the police; and most electronic mail has no

built-in authentication to prove identity.



Still, without anything more damaging than electronic mail, a case

would be very difficult to prosecute.  However, with what almost

amounted to a taped confession, the chance of a conviction

was increased.



We went over the arrest warrant affidavit, and my corrections to it,

with a mixture of amusement and consternation.



"So what do you think of this?" asked Dale.



After a moment of thought, Deb Lux said:  "This is gibberish."



"I just had a case where a guy pumped four bullets into his brother-in-law,

just because he didn't like him, and the arrest warrant for that was two

pages long.  One and a half, really," said Brad.



"Does this help us, at all, that this arrest warrant is just demonstrably

false, that it literally has over a hundred mistakes in it?" I asked.



"Yeah, that could help," said Brad.



We agreed to meet at the arraignment.





XIV.  The Stairwells of Justice



The arraignment was a simple procedure, and was over in five minutes.

Prior to our arraignment, five other people were arraigned on charges

of varying severity, mainly such heinous crimes as smoking marijuana

or vandalism.



Dale stepped in front of the desk first.  He was informed of the charges

against him, asked if he understood them, and that was it.



I stepped up, but when the judge asked me whether I understood the charges,

I answered that I didn't, and that the charges were incomprehensible

to a sane human being.  I had hoped for some sort of response, but

that was it for me, too.



A trial date was set, once again months in advance.



A week before the date arrived, it was once again postponed.



During this week, we were informed that Dale's too good to be true

attorney, Brad Lunsford, had went over to the District Attorney's

office.  He was replaced by Dave Crowley, the Chief District Attorney,

a perpetually bitter, pock-faced older man with the demeanor and

bearing of an angry accountant.



Crowley refused to consider any of the strategies we had discussed

at length with Brad and Deb.  Dale was understandably irate at the

sudden change, as was I, for when Deb and I were attempting to discuss

the case he would interject rude comments.



Finally, after some particularly snide remark, I told him to fuck

off, or something similarly pleasant, and left.  Dale and I tried to

limit our dealings to Deb, and it was Deb who handled both of our

cases to the end, for which I thank God.



The day arrived.



We dressed quite sharply, Dale in new wool slacks and jacket.  I dressed

in a new suit as well, and inserted a carnation in my buttonhole as

a gesture of contempt for the proceedings.



Dale looked so sharp that he was mistaken for an attorney twice.  I

did not share this distinction, but I looked sharp enough.  I had

shaved my beard a month previously after an error in trimming,

so I looked presentable.



We realized that judges base their decisions as much on your appearance

as on what you say.  We did not intend to say anything, so

appearance was of utmost importance.



We arrived at about the same time as at least thirty assorted computer

security professionals, police, witnesses and ancillary court personnel.

Dhamir Mannai and Richard Devon were there as well, and we exchanged

greetings.  Richard Devon was optimistic about the outcome, as was

Dhamir Mannai.  The computer security people gathered into a tight,

paranoid knot, and Richard Devon and Dhamir Mannai stood about ten

feet away from them, closer to us than to them.  Robert Owens,

Angela Thomas, Bryan Jensen, and Dan Ehrlich were there, among others.

They seemed nervous and ill-at-ease in their attempt at formal dress.

Occasionally, one or another would glare at us, or at Devon and Mannai.

I smiled and waved.



A discussion of some sort erupted among the computer security people,

and a bailiff emerged and requested that they be quiet.  The second time this

was necessary, he simply told them to shut up, and told them to take

their discussion to the stairwells.  Dale and I had known of the noise

policy for some time, and took all attorney-client conferences to the

stairwells, which were filled at all times with similar conferences.

It seemed that all the hearings and motions were just ceremonies without

meaning; all the decisions had been made, hours before, in the stairwells

of justice.



Finally Deb Lux arrived, with a sheaf of documents, and immediately left,

saying that she would return shortly.  A little over twenty minutes later,

she returned to announce that she had struck a deal with Eileen Tucker,

the Assistant District Attorney.



In light of the garbled nature of the police testimony, the spuriousness

of the arrest warrant affidavit, the hostility of their main witness,

Dhamir Mannai, and the difficulty of prosecuting a highly technical case,

the Office of the District Attorney was understandably reluctant to

prosecute us.



I was glad not to have to deal with Eileen Tucker, a woman affectionately

nicknamed by other court officials "The Wicked Witch of the West."

With her pallid skin, and her face drawn tightly over her skull as

if she had far too much plastic surgery, this seemed an adequately

descriptive name, both as to appearance and personality.



The deal was Advanced Rehabilitative Disposition, a pre-trial diversion in

which you effectively receive probation and a fine, and charges are dismissed,

leaving you with no criminal record.  This is what first-time

drunk drivers usually receive.



It is essentially a bribe to get the cops off your back.



The fines were approximately two thousand dollars apiece, with Dale

arbitrarily receiving a fine two hundred dollars greater than mine.



After a moment of thought, we decided that the fines were too large.

We turned down the deal, and asked her if she could get anything

better than that.



After a much shorter conference she returned, announcing

that the fines had been dropped by about a third.  Still unsatisfied,

but realizing that the proceedings, trial, jury selection, delays,

sentencing, motions of discovery and almost limitless writs and

affidavits and appeals would take several more months, we agreed

to the deal.  It was preferable to more hellish legal proceedings.



We discussed the deal outside with Richard Devon; Dhamir Mannai had left,

having pressing engagements both before and after his testimony had

been scheduled.  We agreed that a trial would probably have resulted

in an eventual victory, but at what unaffordable cost?  We had no

resources or time for a prolonged legal battle, and no acceptable

alternative to a plea-bargain.





XV.  The End?  Of Course Not; There Is No End



This, we assumed incorrectly, was the end.  There was still a date

for sentencing, and papers to be signed.



Nevertheless, this was all a formality, and weeks distant.  There

was time to prepare for these proceedings.  The hounds of spring

were on winter's traces.  Dale and I hoped to return to what was

left of our lives, and to enjoy the summer.



This hope was not to be fulfilled.



For, while entering the Electronic Music Lab one fine spring night,

Andy Ericson [*], a locally-renowned musician, was halted by the

University Police outside the window, as he prepared to enter.

We quickly explained that we were authorized to be present, and

immediately presented appropriate keys, IDs and other evidence that

we were authorized to be in the Lab.



Nevertheless, more quickly than could be imagined, the cops grabbed

Andy and slammed him against a cruiser, frisking him for

weapons.  They claimed that a person had been sighted carrying a

firearm on campus, and that they were investigating a call.



No weapons were discovered.  However, a small amount of marijuana

and a tiny pipe were found on him.  Interestingly, the police log

in the paper the following day noted the paraphernalia bust, but

there was no mention of any person carrying a firearm on campus.



Andy, a mathematician pursuing a Master's Degree, was performing

research in a building classified Secret, and thus required a security

clearance to enter the area where he performed his research.



His supervisor immediately yanked his security clearance, and

this greatly jeopardized his chances of completing his thesis.



This is, as with my suspicions of wiretapping, an incident in which

circumstantial evidence seems to justify my belief that the

police were, even then, continuing surveillance on my friends and

on me.  However, as with my wiretapping suspicions, there is

a maddening lack of substantial evidence to confirm my belief

beyond a reasonable doubt.



Still, the police continued their series of visits to the Lab, under

one ruse or another.  Jeffery Jones, one night, threatened to arrest

Dale for being in the Electronic Music Lab, though he had been informed

repeatedly that Dale's access was authorized by the School of Music.  Dale

turned over his keys to Police Services the following day, resenting it

bitterly.



This, however, was not to be a victory for the cops, but a crushing

embarrassment.  While their previous actions had remained at least

within the letter of the law and of university policy, this was

egregious and obvious harassment, and was very quickly quashed.



Bob Wilkins, the supervisor of the Electronic Music Lab; Burt Fenner,

head of the Electronic Music division; and the Dean of the College of

Arts and Architecture immediately drafted letters to the University

Police objecting to this illegal action; as it is the professors and

heads of departments who authorize keys, and not the University

Police.  The keys were returned within three days.



However, Jeffery was to vent his impotent rage in repeated visits to

the Lab at late hours.  On a subsequent occasion, he again threatened

to arrest Dale, without providing any reason or justification for it.



The police, Jeffery and others, always had some pretext for these visits,

but the fact that these visits only occurred when Dale was

present in the Lab, and that they visited no one else, seems to be

solid circumstantial evidence that they were more than routine

checkups.



Once the authorities become interested in you, the file is never

closed.  Perhaps it will sit in a computer for ten or twenty years.

Perhaps it will never be accessed again.  However, perhaps some

day in the distant future the police will be investigating some

unrelated incident, and will once again note your name.  You were

in the wrong building, or talked to the wrong person.  Suddenly,

their long-dormant interest in you has reawakened.  Suddenly, they

once again want you for questioning.  Suddenly, once again, they

pull your life out from under you.



This is the way democracies die, not by revolution or coups d'etat,

not by the flowing of blood in the streets like water, as historical

novelists so quaintly write.  Democracies die by innumerable papercuts.

Democracies die by the petty actions of petty bureaucrats who, like

mosquitoes, each drain their little drop of life's blood until none

is left.





XVI.  Lightning Always Strikes the Same Place Twice



One day, Dale received in the mail a subpoena, which informed him that

his testimony was required in the upcoming trial of Ron Gere, who

had moved to Florida.  The cops had charged him with criminal

conspiracy in the creation of the Huang account at the Engineering

Computer Lab.



Now, not only was I guilty of being used as a weapon against a

friend, but also guilty of this further complication, that the

police were to use a friend of mine as a weapon against yet

another friend.



It is interesting to note the manner in which the police use

betrayal, deceit and infamous methods to prosecute crime.



It is especially interesting to note the increased use of

such methods in the prosecution of crimes with no apparent victim.

Indeed, in this specific case, the only victim with a demonstrable

loss testified against the police and for the accused.



Dale resolved to plead the Fifth to any question regarding Ron,

and to risk contempt of court by doing so, rather than be used

in this manner.



This was not necessary.  As it happened, Ron was to drive well over

two thousand miles simply to sign a paper and receive ARD.  The three

of us commiserated, and then Ron was on his way back to Florida.





XVII.  Sentencing



Dale and I reported to the appropriate courtroom for sentencing.  In

the hall, a young man, shackled and restrained by two police officers,

was yelling:  "I'm eighteen, and I'm having a very bad day!"  The cops

didn't bat an eye as they dragged him to the adjoining prison.



We sat.



The presiding judge, the Hon. David C. Grine, surveyed with evident

disdain a room full of criminals like us.  Deborah Lux was there, once

again serving as counsel.  David Crowley was mercifully absent.



The judge briefly examined each case before him.  For each case, he announced

the amount of the fine, the time of probation, and banged his gavel.

Immediately before he arrived at our case, he looked at a man directly to

our left.  Instead of delivering the usual ARD sentence, he flashed a

sadistic grin and said:  "Two years jail."  Dealing marijuana was the crime.

The man's attorney objected.  The judge said:  "Okay, two years, one

suspended."  The attorney, another flunky from the public defender's

office, sat down again.  Two cops immediately dragged the man from the

courtroom to take him to jail.



I noted that practically everyone in the room was poor,

and those with whom I spoke were all uneducated.  DUI was the

most common offense.



Judge Grine came to our case, announced the expected sentence,

and we reported upstairs to be assigned probation officers.  I was

disgusted with myself for having agreed to this arrangement, and

perhaps this was why I was surly with the probation officer, Thomas

Harmon.  This earned me a visit to a court-appointed psychiatrist,

to determine if I were mentally disturbed or on drugs.



That I was neither was satisfied by a single interview, and no

drug-testing was necessary; for which I am grateful, for I would

have refused any such testing.  Exercising this Fifth Amendment-

guaranteed right is, of course, in this day considered to be

an admission of guilt.  The slow destruction of this right began

with the government policy of "implied consent," by which one

signs over one's Fifth Amendment rights against self-incrimination

by having a driver's license, allowing a police officer to pull

you over and test your breath for any reason or for no reason

at all.



I later apologized to Thomas Harmon for my rudeness, as he had

done me no disservice; indeed, a probation officer is, at least,

in the business of keeping people out of jail instead of putting

them there; and his behavior was less objectionable than that of

any other police officer involved in my case.



Very shortly thereafter, realizing that I knew a large number

of the local police on a first-name basis, I left the area, with the

stated destination of Indiana.  I spent the next two years travelling,

with such waypoints as New Orleans, Denver, Seattle and Casper, Wyoming;

and did not touch a computer for three years, almost having a horror

of them.



I did not pay my fine in the monthly installments the court demanded.

I ignored virtually every provision of my probation.  I did not remain

in touch with my probation officer, almost determined that my absence

should be noticed.  I did a lot of drugs, determined to obliterate all

memory of my previous life.  In Seattle, heroin was a drug of choice,

so I did that for a while.



Finally, I arrived at my stated destination, Indiana, with only about

three months remaining in my probation, and none of my fines paid.  Dale,

without my knowledge, called my parents and convinced them to pay the

fine.



It took me a few days of thought to decide whether or not to accept

their generous offer; I had not thought of asking them to pay the fine,

sure that they would not.  Perhaps I had done them a disservice in so

assuming, but now I had to decide whether to accept their help.



If my fines were not paid, my ARD would be revoked, and a new trial

date would be set.  I was half determined to return and fight this

case, still ashamed of having agreed to such a deal under duress.

However, after discussing it at exhaustive length with everyone I

knew, I came to the conclusion that to do so would be foolish and quixotic.

Hell, I thought, Thoreau did the same thing in a similar circumstance;

why shouldn't I?



I accepted my parents' offer.  Three months later, I received a letter in

the mail announcing that the case had been dismissed and my records

expunged, with an annotation to the effect that records would be

retained only to determine eligibility for any future ARD.  I believe

this to the same degree in which I believe that the NSA never

performs surveillance on civilians.  I have my doubts that the FBI

eliminated all mention of me from their files.  I shall decide after

I file a Freedom of Information Act request and receive a reply.



I now have a legitimate Internet account and due to my experiences

with weak encryption am a committed cypherpunk and Clipper Chip

proposal opponent.



What is the moral to this story?



Even now, when I have had several years to gain distance and perspective,

there does not seem to be a clear moral; only several pragmatic

lessons.



I became enamored of my own brilliance, and arrogantly sure that

my intelligence was invulnerability.  I assumed my own immortality,

and took a fall.  This was not due to the intelligence of my

adversaries, for the stupidity of the police was marvellous to

behold.  It was due to my own belief that I was somehow infallible.



Good intentions are only as good as the precautions taken to ensure

their effectiveness.



There is always a Public Enemy Number One.  As the public's fickle

attention strays from the perceived menace of drug use, it will latch

on to whatever new demon first appears on television.  With the

growing prevalence of hatchet jobs on hackers in the public media,

it appears that hackers are to be the new witches.



It is advisable, then, that we avoid behavior which would tend to

confirm the stereotypes.  For every Emmanuel Goldstein or R. U.

Sirius in the public eye, there are a dozen Mitnicks and Hesses;

and, alas, it is the Mitnicks and Hesses who gain the most attention.

Those who work for the betterment of society are much less interesting

to the media than malicious vandals or spies.



In addition, it is best to avoid even the appearance of dishonesty

in hacking, eschewing all personal gain.



Phreaking or hacking for personal gain at the expense of others is

entirely unacceptable.  Possibly bankrupting a small company through

excessive telephone fraud is not only morally repugnant, but also puts

money into the coffers of the monopolistic phone companies that we despise.



The goal of hacking is, and always has been, the desire for full

disclosure of that information which is unethically and illegally

hidden by governments and corporations; add to that a dash of

healthy curiosity and a hint of rage, and you have a solvent capable

of dissolving the thickest veils of secrecy.  If destructive means

are necessary, by all means use them; but be sure that you are not

acting from hatred, but from love.



The desire to destroy is understandable, and I sympathize with it;

anyone who can not think of a dozen government bodies which would be

significantly improved by their destruction is probably too

dumb to hack in the first place.  However, if that destruction merely

leads to disproportionate government reprisals, then it is not only

inappropriate but counterproductive.



The secrecy and hoarding of information so common in the hacker

community mirrors, in many respects, the secrecy and hoarding of

information by the very government we resist.  The desired result

is full disclosure.  Thus, the immediate, anonymous broadband

distribution of material substantiating government and corporate

wrongdoing is a mandate.



Instead of merely collecting information and distributing it

privately for personal amusement, it must be sent to newspapers,

television, electronic media, and any other means of communication

to ensure both that this information can not be immediately

suppressed by the confiscation of a few bulletin board systems

and that our true motives may be discerned from our public and

visible actions.



Our actions are not, in the wake of Operation Sun-Devil and the

Clipper Chip proposal, entirely free.  The government has declared

war on numerous subsections of its own population, and thus has

defined the terms of the conflict.  The War on Drugs is a notable

example, and we must ask what sort of a government declares war

on its own citizens, and act accordingly.



Those of us who stand for liberty must act while we still can.



It is later than we think.





             "In Germany they first came for the Communists and

              I didn't speak up because I wasn't a Communist.

              Then they came for the Jews, and I didn't speak up

              because I wasn't a Jew.  Then they came for the

              trade unionists, and I didn't speak up because I

              wasn't a trade unionist.  Then they came for the

              Catholics, and I didn't speak up because I was a

              Protestant.  Then they came for me--and by that

              time no one was left to speak up."  Martin Niemoeller



              "They that can give up essential liberty to obtain

               a litle temporary safety deserver neither

               liberty nor safety."  Benjamin Franklin



---------

APPENDIX A



[From cert-clippings]



Date: Sat, 10 Mar 90 00:22:22 GMT

From: thomas@shire.cs.psu.edu (Angela Marie Thomas)

Subject: PSU Hackers thwarted



The Daily Collegian  Wednesday, 21 Feb 1990



Unlawful computer use leads to arrests

ALEX H. LIEBER, Collegian Staff Writer



Two men face charges of unlawful computer use, theft of services in a

preliminary hearing scheduled for this morning at the Centre County Court of

Common Pleas in Bellefonte.  Dale Garrison, 111 S. Smith St., and Robert W.

Clark, 201 Twin Lake Drive, Gettysburg, were arrested Friday in connection with

illegal use of the University computer system, according to court records.

Garrison, 36, is charged with the theft of service, unlawful computer use

and criminal conspiracy.  Clark, 20, is charged with multiple counts of

unlawful computer use and theft of service.  [...]



Clark, who faces the more serious felony charges, allegedly used two computer

accounts without authorization from the Center of Academic Computing or the

Computer Science Department and, while creating two files, erased a file from

the system.  [...]  When interviewed by University Police Services, Clark

stated in the police report that the file deleted contained lists of various

groups under the name of "ETZGREEK."  Clark said the erasure was accidental,

resulting from an override in the file when he tried to copy it over onto a

blank file.  According to records, Clark is accused of running up more than

$1000 in his use of the computer account.  Garrison is accused of running up

more than $800 of computer time.



Police began to investigate allegations of illegal computer use in November

when Joe Lambert, head of the university's computer department, told police a

group of people was accessing University computer accounts and then using those

accounts to gain access to other computer systems.  Among the systems accessed

was Internet, a series of computers hooked to computer systems in industry,

education and the military, according to records.



The alleged illegal use of the accounts was originally investigated by a

Computer Emergency Response Team at Carnegie-Mellon University, which assists

other worldwide computer systems in investigating improper computer use.



Matt Crawford, technical contact in the University of Chicago computer

department discovered someone had been using a computer account from Penn State

to access the University of Chicago computer system.









 



Manifest
Le but de ce site est de mieux comprendre la sécurité informatique.
Un hacker par définition est une personne qui cherche à améliorer les systèmes d'information dans le seul et unique but de contribuer à la stabilité de ces systèmes!
La croyance populaire laisse entendre que les hackers sont des pirates.
C'est vrai. Mais il y a différents types de pirate.
Tout comme il y a différents types de personnes.
Les bavures courantes auxquelles on pense lorsqu'on évoque le terme de pirate informatique
seraient les hacks de compte msn, ordinateurs lâchement trojantés avec des exploits déjà tous faits
et encore peut-on classifier en tant que hack le fait de spammer
alors que depuis plus de 15 ans des scripts tous faits le font extrêmement bien?

Ce ne sont pas des hackers qui font ça!!!
Nous appelons ces gens des lammers! Quand ils sont mauvais,
ou des black hat lorsqu'ils sont doués dans la mise en application de leurs méfaits.
Aucun amour propre - Aucune dignité
Agissent par dégout, vengeance ou simple plaisir.
Les raisons peuvent être nombreuses et je ne prétends pas devoir juger qui que ce soit.
Je pense juste que l'on ne doit pas utiliser l'épée de fly pour commettre des injustices.
Il est 100 fois plus profitable d'améliorer un système que de marcher sur un château de sable... même si marcher sur un château de sable est rigolo :P
A vous de trouver votre amusement. ;)

Tu peux réagir sur la shootbox


Disclaimer Veuillez lire obligatoirement les règles ci-dessous avant de consulter ce site.
Conformément aux dispositions des différentes lois en vigueur, intrusions et maintenances frauduleuses sur un site, vol et / ou falsification de données.
Vous ne devez en aucun cas mettre en application les stratagèmes mis en place par ce site, qui sont présentés uniquement à titre d’éducation et de recherche dans le domaine de la protection de données.
Vous ne devez en aucun cas utiliser ce que vous aurez découvert, sauf si vous avez une autorisation écrite de l’administrateur d’un site ou que celui-ci vous ai ouvert un compte uniquement pour la recherche de failles.
Tout cela est interdit et illégal ne faites pas n'importe quoi.
Vous acceptez donc que l'administrateur de ce site n'est en aucun cas responsable d'aucun de vos actes. Sinon quittez ce site.
Vous êtes soumis à ce disclaimer.
ET À CE TITRE, NI LA COMMUNAUTÉ, NI L'ADMINISTRATEUR, NI L'HÉBERGEUR, NE POURRONT, NI NE SERONT RESPONSABLE DE VOS ACTES.